Given what a dumpster fire the npm ecosystem is security-wise, it's best to run the whole build chain in a container anyway, at least for frontend apps. This way you also don't care about the chosen package manager or node.js version - you can just set it as you wish in the Dockerfile. It does take more disk space though, but to me it's a nice compromise.
Containers don't provide much protection from malware, unless you're running it rootless under an unprivileged user (no sudo access, no ssh keys or anything else interesting in the home directory, etc; and even then it's limited because the attack surface is enormous).
I mean, of course? Especially, why would I put ssh keys and similar in the container?
This still doesn't mean that one can install just any package, but it does make it much more difficult for it to do much harm. Breaking out of a container is not as trivial as it once was. That said, it is not a perfect solution, so I'd be happy to hear of better ones. Any suggestions?
No ssh keys or anything else interesting available to the user you're running the container engine under (and containers themselves). Not the user _inside_ the container, but on the main system.
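Added example, not part of the thread: a POSIX shell audit of the point in the comment above, checking what the host account that runs the container engine could hand to a package that escapes the container. The credential paths, the group names and the `--host` switch are assumptions about a typical Linux workstation, not an exhaustive list.

```shell
#!/bin/sh
# Audit the HOST account that runs the container engine (not the user inside
# the container). Path and group lists are assumptions, extend them as needed.

# Print every credential-like path that exists under the given home directory.
find_secrets() {
    home=$1
    for rel in .ssh .gnupg .aws/credentials .npmrc .netrc \
               .docker/config.json .kube/config; do
        p="$home/$rel"
        if [ -d "$p" ]; then
            # A directory only counts if it actually holds at least one file.
            if [ -n "$(find "$p" -type f 2>/dev/null | head -n 1)" ]; then
                printf '%s\n' "$p"
            fi
        elif [ -f "$p" ]; then
            printf '%s\n' "$p"
        fi
    done
    return 0
}

# Print the groups, out of those given, that are root-equivalent or grant sudo.
risky_groups() {
    for g in "$@"; do
        case $g in
            docker|sudo|wheel|lxd) printf '%s\n' "$g" ;;
        esac
    done
    return 0
}

# usage: audit_account HOME GROUP...   returns 0 only if nothing was found.
audit_account() {
    acct_home=$1; shift
    secrets=$(find_secrets "$acct_home")
    grps=$(risky_groups "$@")
    if [ -z "$secrets$grps" ]; then
        return 0
    fi
    printf 'reachable secrets:\n%s\nrisky groups:\n%s\n' "$secrets" "$grps" >&2
    return 1
}

# Run against the current account only when asked: sh audit.sh --host
if [ "${1:-}" = "--host" ]; then
    # shellcheck disable=SC2046  # word splitting of the group list is intended
    audit_account "$HOME" $(id -Gn)
fi
```

A non-zero exit means the build account still has something worth stealing; a dedicated unprivileged user with an empty home passes.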
We used to be on Zoom for video meetings, then it lost favor due to fears of industrial espionage (the encryption crisis, etc.) and via Office 365, Teams snuck up. Initially as a Zoom replacement only for video meetings, too, but lately folks seem to be discovering the other functionality and it's creeping in.
Zoom's ugly as hell, but the Linux client has long been fairly reliable. Teams meanwhile is plagued by issues that don't seem to affect some other Electron-based apps or Chromium. During meetings it'll start out fine, then a minute in it'll suddenly use microphone. Opening any settings views tends to knock audio out of working state, too. Their official forums are full of threads on this, and support people suggesting crazy mitigations such as running it as root (admin user).
The most recent release seems to be from September 2021, which is positively ancient for something based on a browser engine and using it to display complex content from remote hosts.
It will come. FB is investing the big bucks but once they start seeing real success (and they are) others will see the value and start competing for real.
Me too. Had to go back to Windows at $JOB recently and find the experience... unpleasant, to put it mildly. I guess once you get used to a certain way it's difficult to change it. Hoping to get rid of Windows again soon. Can't imagine using W11, from what I've seen.